8020325: static property does not work on accessible, public classes
Reviewed-by: attila, hannesw, lagergren
--- a/nashorn/make/build.xml Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/make/build.xml Thu Jul 11 16:34:55 2013 +0530
@@ -219,8 +219,10 @@
target="${javac.target}"
debug="${javac.debug}"
encoding="${javac.encoding}"
- includeantruntime="false">
- <compilerarg line="-extdirs """/>
+ includeantruntime="false" fork="true">
+ <compilerarg value="-J-Djava.ext.dirs="/>
+ <compilerarg value="-Xlint:unchecked"/>
+ <compilerarg value="-Xlint:deprecation"/>
</javac>
<!-- tests that check nashorn internals and internal API -->
--- a/nashorn/src/jdk/nashorn/api/scripting/NashornScriptEngine.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/api/scripting/NashornScriptEngine.java Thu Jul 11 16:34:55 2013 +0530
@@ -195,11 +195,7 @@
if (! Modifier.isPublic(clazz.getModifiers())) {
throw new SecurityException("attempt to implement non-public interfce: " + clazz);
}
- final String fullName = clazz.getName();
- final int index = fullName.lastIndexOf('.');
- if (index != -1) {
- sm.checkPackageAccess(fullName.substring(0, index));
- }
+ Context.checkPackageAccess(clazz.getName());
}
final ScriptObject realSelf;
--- a/nashorn/src/jdk/nashorn/internal/codegen/CodeGenerator.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/codegen/CodeGenerator.java Thu Jul 11 16:34:55 2013 +0530
@@ -1313,7 +1313,7 @@
}
@Override
- public boolean enterLiteralNode(final LiteralNode literalNode) {
+ public boolean enterLiteralNode(final LiteralNode<?> literalNode) {
assert literalNode.getSymbol() != null : literalNode + " has no symbol";
load(literalNode).store(literalNode.getSymbol());
return false;
--- a/nashorn/src/jdk/nashorn/internal/codegen/Compiler.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/codegen/Compiler.java Thu Jul 11 16:34:55 2013 +0530
@@ -528,8 +528,8 @@
return this.env;
}
- private String safeSourceName(final Source source) {
- String baseName = new File(source.getName()).getName();
+ private String safeSourceName(final Source src) {
+ String baseName = new File(src.getName()).getName();
final int index = baseName.lastIndexOf(".js");
if (index != -1) {
--- a/nashorn/src/jdk/nashorn/internal/lookup/Lookup.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/lookup/Lookup.java Thu Jul 11 16:34:55 2013 +0530
@@ -32,8 +32,6 @@
import java.lang.invoke.MethodHandles;
import java.lang.invoke.MethodType;
import jdk.nashorn.internal.runtime.JSType;
-import jdk.nashorn.internal.runtime.Property;
-import jdk.nashorn.internal.runtime.PropertyMap;
import jdk.nashorn.internal.runtime.ScriptRuntime;
/**
--- a/nashorn/src/jdk/nashorn/internal/objects/NativeDebug.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/objects/NativeDebug.java Thu Jul 11 16:34:55 2013 +0530
@@ -179,6 +179,9 @@
/**
* Returns the property listener count for a script object
+ *
+ * @param self self reference
+ * @param obj script object whose listener count is returned
* @return listener count
*/
@Function(attributes = Attribute.NOT_ENUMERABLE, where = Where.CONSTRUCTOR)
--- a/nashorn/src/jdk/nashorn/internal/objects/NativeNumber.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/objects/NativeNumber.java Thu Jul 11 16:34:55 2013 +0530
@@ -48,7 +48,6 @@
import jdk.nashorn.internal.runtime.PropertyMap;
import jdk.nashorn.internal.runtime.ScriptObject;
import jdk.nashorn.internal.runtime.ScriptRuntime;
-import jdk.nashorn.internal.lookup.MethodHandleFactory;
import jdk.nashorn.internal.runtime.linker.PrimitiveLookup;
/**
--- a/nashorn/src/jdk/nashorn/internal/objects/ScriptFunctionImpl.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/objects/ScriptFunctionImpl.java Thu Jul 11 16:34:55 2013 +0530
@@ -212,10 +212,10 @@
// Instance of this class is used as global anonymous function which
// serves as Function.prototype object.
private static class AnonymousFunction extends ScriptFunctionImpl {
- private static final PropertyMap map$ = PropertyMap.newMap().setIsShared();
+ private static final PropertyMap anonmap$ = PropertyMap.newMap().setIsShared();
static PropertyMap getInitialMap() {
- return map$;
+ return anonmap$;
}
AnonymousFunction(final Global global) {
--- a/nashorn/src/jdk/nashorn/internal/runtime/Context.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/runtime/Context.java Thu Jul 11 16:34:55 2013 +0530
@@ -39,13 +39,10 @@
import java.util.concurrent.atomic.AtomicLong;
import java.net.MalformedURLException;
import java.net.URL;
-import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.CodeSigner;
import java.security.CodeSource;
-import java.security.Permissions;
import java.security.PrivilegedAction;
-import java.security.ProtectionDomain;
import java.util.Map;
import jdk.internal.org.objectweb.asm.ClassReader;
import jdk.internal.org.objectweb.asm.util.CheckClassAdapter;
@@ -208,7 +205,6 @@
private static final ClassLoader myLoader = Context.class.getClassLoader();
private static final StructureLoader sharedLoader;
- private static final AccessControlContext NO_PERMISSIONS_CONTEXT;
static {
sharedLoader = AccessController.doPrivileged(new PrivilegedAction<StructureLoader>() {
@@ -217,7 +213,6 @@
return new StructureLoader(myLoader, null);
}
});
- NO_PERMISSIONS_CONTEXT = new AccessControlContext(new ProtectionDomain[] { new ProtectionDomain(null, new Permissions()) });
}
/**
@@ -560,6 +555,21 @@
}
/**
+ * Checks that the given package can be accessed from current call stack.
+ *
+ * @param fullName fully qualified package name
+ */
+ public static void checkPackageAccess(final String fullName) {
+ final int index = fullName.lastIndexOf('.');
+ if (index != -1) {
+ final SecurityManager sm = System.getSecurityManager();
+ if (sm != null) {
+ sm.checkPackageAccess(fullName.substring(0, index));
+ }
+ }
+ }
+
+ /**
* Lookup a Java class. This is used for JSR-223 stuff linking in from
* {@code jdk.nashorn.internal.objects.NativeJava} and {@code jdk.nashorn.internal.runtime.NativeJavaPackage}
*
@@ -571,19 +581,7 @@
*/
public Class<?> findClass(final String fullName) throws ClassNotFoundException {
// check package access as soon as possible!
- final int index = fullName.lastIndexOf('.');
- if (index != -1) {
- final SecurityManager sm = System.getSecurityManager();
- if (sm != null) {
- AccessController.doPrivileged(new PrivilegedAction<Void>() {
- @Override
- public Void run() {
- sm.checkPackageAccess(fullName.substring(0, index));
- return null;
- }
- }, NO_PERMISSIONS_CONTEXT);
- }
- }
+ checkPackageAccess(fullName);
// try the script -classpath loader, if that is set
if (classPathLoader != null) {
--- a/nashorn/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/runtime/linker/JavaAdapterFactory.java Thu Jul 11 16:34:55 2013 +0530
@@ -43,6 +43,7 @@
import jdk.internal.dynalink.beans.StaticClass;
import jdk.internal.dynalink.support.LinkRequestImpl;
import jdk.nashorn.internal.objects.NativeJava;
+import jdk.nashorn.internal.runtime.Context;
import jdk.nashorn.internal.runtime.ECMAException;
import jdk.nashorn.internal.runtime.ScriptFunction;
import jdk.nashorn.internal.runtime.ScriptObject;
@@ -101,13 +102,9 @@
assert types != null && types.length > 0;
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
- for (Class type : types) {
+ for (Class<?> type : types) {
// check for restricted package access
- final String fullName = type.getName();
- final int index = fullName.lastIndexOf('.');
- if (index != -1) {
- sm.checkPackageAccess(fullName.substring(0, index));
- }
+ Context.checkPackageAccess(type.getName());
}
}
return getAdapterInfo(types).getAdapterClassFor(classOverrides);
--- a/nashorn/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/src/jdk/nashorn/internal/runtime/linker/ReflectionCheckLinker.java Thu Jul 11 16:34:55 2013 +0530
@@ -25,10 +25,14 @@
package jdk.nashorn.internal.runtime.linker;
+import java.lang.reflect.Modifier;
+import jdk.internal.dynalink.CallSiteDescriptor;
import jdk.internal.dynalink.linker.GuardedInvocation;
import jdk.internal.dynalink.linker.LinkRequest;
import jdk.internal.dynalink.linker.LinkerServices;
import jdk.internal.dynalink.linker.TypeBasedGuardingDynamicLinker;
+import jdk.internal.dynalink.support.CallSiteDescriptorFactory;
+import jdk.nashorn.internal.runtime.Context;
/**
* Check java reflection permission for java reflective and java.lang.invoke access from scripts
@@ -52,6 +56,25 @@
throws Exception {
final SecurityManager sm = System.getSecurityManager();
if (sm != null) {
+ final LinkRequest requestWithoutContext = origRequest.withoutRuntimeContext(); // Nashorn has no runtime context
+ final Object self = requestWithoutContext.getReceiver();
+ // allow 'static' access on Class objects representing public classes of non-restricted packages
+ if ((self instanceof Class) && Modifier.isPublic(((Class<?>)self).getModifiers())) {
+ final CallSiteDescriptor desc = requestWithoutContext.getCallSiteDescriptor();
+ final String operator = CallSiteDescriptorFactory.tokenizeOperators(desc).get(0);
+ // check for 'get' on 'static' property
+ switch (operator) {
+ case "getProp":
+ case "getMethod": {
+ if ("static".equals(desc.getNameToken(CallSiteDescriptor.NAME_OPERAND))) {
+ Context.checkPackageAccess(((Class)self).getName());
+ // let bean linker do the actual linking part
+ return null;
+ }
+ }
+ break;
+ } // fall through for all other stuff
+ }
sm.checkPermission(new RuntimePermission("nashorn.JavaReflection"));
}
// let the next linker deal with actual linking
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8020325.js Thu Jul 11 16:34:55 2013 +0530
@@ -0,0 +1,38 @@
+/*
+ * Copyright (c) 2010, 2013, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * JDK-8020325: static property does not work on accessible, public classes
+ *
+ * @test
+ * @run
+ */
+
+function printStatic(obj) {
+ print(obj.getClass().static);
+}
+
+printStatic(new java.util.ArrayList());
+printStatic(new java.util.HashMap());
+printStatic(new java.lang.Object());
+printStatic(new (Java.type("java.lang.Object[]"))(0));
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/nashorn/test/script/basic/JDK-8020325.js.EXPECTED Thu Jul 11 16:34:55 2013 +0530
@@ -0,0 +1,4 @@
+[JavaClass java.util.ArrayList]
+[JavaClass java.util.HashMap]
+[JavaClass java.lang.Object]
+[JavaClass [Ljava.lang.Object;]
--- a/nashorn/test/script/trusted/JDK-8006529.js Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/test/script/trusted/JDK-8006529.js Thu Jul 11 16:34:55 2013 +0530
@@ -39,21 +39,19 @@
* and FunctionNode because of package-access check and so reflective calls.
*/
-var forName = java.lang.Class["forName(String)"]
-
-var Parser = forName("jdk.nashorn.internal.parser.Parser").static
-var Compiler = forName("jdk.nashorn.internal.codegen.Compiler").static
-var Context = forName("jdk.nashorn.internal.runtime.Context").static
-var ScriptEnvironment = forName("jdk.nashorn.internal.runtime.ScriptEnvironment").static
-var Source = forName("jdk.nashorn.internal.runtime.Source").static
-var FunctionNode = forName("jdk.nashorn.internal.ir.FunctionNode").static
-var Block = forName("jdk.nashorn.internal.ir.Block").static
-var VarNode = forName("jdk.nashorn.internal.ir.VarNode").static
-var ExecuteNode = forName("jdk.nashorn.internal.ir.ExecuteNode").static
-var UnaryNode = forName("jdk.nashorn.internal.ir.UnaryNode").static
-var BinaryNode = forName("jdk.nashorn.internal.ir.BinaryNode").static
-var ThrowErrorManager = forName("jdk.nashorn.internal.runtime.Context$ThrowErrorManager").static
-var Debug = forName("jdk.nashorn.internal.runtime.Debug").static
+var Parser = Java.type("jdk.nashorn.internal.parser.Parser")
+var Compiler = Java.type("jdk.nashorn.internal.codegen.Compiler")
+var Context = Java.type("jdk.nashorn.internal.runtime.Context")
+var ScriptEnvironment = Java.type("jdk.nashorn.internal.runtime.ScriptEnvironment")
+var Source = Java.type("jdk.nashorn.internal.runtime.Source")
+var FunctionNode = Java.type("jdk.nashorn.internal.ir.FunctionNode")
+var Block = Java.type("jdk.nashorn.internal.ir.Block")
+var VarNode = Java.type("jdk.nashorn.internal.ir.VarNode")
+var ExecuteNode = Java.type("jdk.nashorn.internal.ir.ExecuteNode")
+var UnaryNode = Java.type("jdk.nashorn.internal.ir.UnaryNode")
+var BinaryNode = Java.type("jdk.nashorn.internal.ir.BinaryNode")
+var ThrowErrorManager = Java.type("jdk.nashorn.internal.runtime.Context$ThrowErrorManager")
+var Debug = Java.type("jdk.nashorn.internal.runtime.Debug")
var parseMethod = Parser.class.getMethod("parse");
var compileMethod = Compiler.class.getMethod("compile", FunctionNode.class);
--- a/nashorn/test/src/jdk/nashorn/api/scripting/ScriptEngineTest.java Wed Jul 10 19:08:04 2013 +0530
+++ b/nashorn/test/src/jdk/nashorn/api/scripting/ScriptEngineTest.java Thu Jul 11 16:34:55 2013 +0530
@@ -968,7 +968,7 @@
// get implementation of a restricted package interface
try {
- log(Objects.toString(((Invocable)e).getInterface(PropertyAccessClass)));
+ log(Objects.toString(((Invocable)e).getInterface((Class<?>)PropertyAccessClass)));
fail("should have thrown SecurityException");
} catch (final Exception exp) {
if (! (exp instanceof SecurityException)) {